Navicat Blog

Oct 30, 2018 by Robert Gravelle

Navicat for MongoDB includes GUI Designers for both Users and Roles. We were introduced to the User Designer in the last blog. Today, we'll learn how to edit user roles using Navicat's Role Designer.

Accessing User Roles

Both users' information and privileges are stored on the server, because Navicat employs MongoDB's native commands behind the scenes. The User and Role commands are located in the main window toolbar. Clicking the button opens the user/role object list:

In the last blog, we chose the User item. This time, we'll select Role. That brings up the Roles Toolbar in the Objects tab, along with a list of roles for that database. For instance, here are the user roles that we created in the last blog:

Working with the Role Tab

Highlighting a role enables the Edit Role and Delete Role buttons. Clicking on Edit Role then opens the role in a new tab. It contains a number of tabs; in fact, both the create and edit role actions share the same tabs. The difference is that, in the case of edits, the Role Name is pre-populated in the General tab and read-only:


Here's a quick rundown of the Role tabs:

  • General Properties: Role Name: Defines a name for the role.
  • Built-In Roles Use this list to assign the role to be a member of the selected built-in role.
  • User-Defined Roles Use this list to assign the role to be a member of the selected user-defined role.
  • Members (Roles) Use this list to assign the selected role to be a member of this role.
  • Members (Users) Use this list to assign the selected user to be a member of this role.
  • Authentication Restrictions To edit specific authentication restrictions that the server enforces on the role, click Add Restriction.
  • Client Source Specifies a list of IP addresses or CIDR ranges to restrict the client's IP address.
  • Server Address Specifies a list of IP addresses or CIDR ranges to which the client can connect.

About Authentication Restrictions

New to version 3.6, an authentication restriction specifies a list of IP addresses and Classless Inter-Domain Routing (CIDR) ranges from which the user is allowed to connect to the server or from which the server can accept users.

The authenticationRestrictions document can contain only the following two fields. The server throws an error if the authenticationRestrictions document contains an unrecognized field:

  • clientSource is an array of IP addresses and/or CIDR ranges. The server will verify that the client's IP address is either in the given list or belongs to a CIDR range in the list, when one or more values are present. If the client's IP address is not found, the server will not authenticate the user.

    In Navicat, clientSource values may be added directly to the Client Source field, as a comma-separated list, or via the Client Source dialog. It is activated by clicking on the ellipsis [...] button at the right of the field:
  • serverAddress is an array of IP addresses and/or CIDR ranges to which the client can connect. If one or more values are present, the server will verify that the client's connection was accepted via an IP address in the given list. If the connection was accepted via an unrecognized IP address, the server does not authenticate the user.

In Navicat, serverAddress values may be added directly to the Server Address field, as a comma-separated list, or via the Server Address dialog. It is activated by clicking on the ellipsis [...] button at the right of the field:

Don't forget to click the Save button to save the updated role!

Navicat Blogs
Feed Entries
Blog Archives
Share